AT&T has confirmed a data breach impacting 73 million current and former customers, despite initially denying that the leaked data originated from their systems.
This confirmation comes after AT&T repeatedly denied any involvement in a significant leak of customer data over the past two weeks, maintaining that their systems had not been breached.
While AT&T insists there is no evidence of a breach, they have now verified that the leaked data belongs to 73 million current and former customers. "Based on our initial analysis, the data set appears to be from 2019 or earlier, affecting approximately 7.6 million current AT&T account holders and around 65.4 million former account holders," AT&T stated in a communication shared with SecureXplore.
Additionally, the company disclosed that security passcodes used to secure accounts were exposed for 7.6 million customers.
In 2021, an entity called Shiny Hunters claimed to be selling the stolen data of 73 million AT&T customers, including names, addresses, phone numbers, and, for many, social security numbers and birth dates. AT&T initially denied any breach or data originating from them. However, in 2024, another threat actor leaked the same dataset on a hacking forum, asserting it to be the data stolen by Shiny Hunters.
Upon analysis by SecureXplore, it was found that the data contained the sensitive information claimed by Shiny Hunters, though not every customer had their social security number or birth date exposed. AT&T once again denied any breach or data origin.
Nevertheless, interviews conducted by SecureXplore with over 50 AT&T and DirecTV customers post-leak confirmed that the leaked data contained information specific to their AT&T accounts. These customers used disposable email addresses from Gmail or Yahoo exclusively for DirecTV or AT&T services.
This suggests that the data must have originated from DirecTV or AT&T. Troy Hunt also confirmed similar details from customers post-data addition to the Have I Been Pwned service.
Despite multiple attempts to reach out to AT&T with this information, the company only responded today, stating that further details would be shared via their published statement and a new page dedicated to securing AT&T accounts.
The security advisory page revealed that passcodes for 7.6 million AT&T customers were compromised and reset by the company. Passcodes are crucial for enhancing the security of AT&T accounts, required for customer support, retail store transactions, or online account access.
"We've become aware of compromised AT&T passcodes," reads the updated AT&T advisory. "We're contacting all 7.6 million affected customers and have reset their passcodes. Additionally, we'll be reaching out to current and former account holders with compromised sensitive personal information."
TechCrunch initially reported on the compromised passcodes after being alerted by a researcher who stated that the leaked data contained encrypted passcodes for millions of users.
Furthermore, AT&T asserts that the data appears to be from 2019 or earlier and does not include personal financial information or call records. The company pledges to notify all 73 million former and current customers about the breach and the necessary steps to be taken.
AT&T customers can also use Have I Been Pwned to determine if their data was compromised in this breach.
